Website Notifications

Get notifications in real-time for staying up to date with content that matters to you.

Accountants’ data ‘very attractive’ as cyber breaches spike

Accountants have been circled as an attractive "attack group" given the type and volume of data they retain for clients, and a 15 per cent spike in attacks last financial year has widened the net to include mid-size firms.

Earlier this week, the Australian Cyber Security Centre (ACSC) released it 2017 Threat Report, revealing that 47,000 major cyber security incidences occurred over the past financial year, a 15 per cent increase from the year before.

Advertisement

Advertisement

Deakin University Centre for Cyber Security Research deputy director, Professor Matthew Warren, said accountants were a prime target because of the level of data they had on hand.

“Accountants would be a very attractive attack group in terms of the fact that they could be defrauded of information about both them and their customers,” said Professor Warren.

Professor Warren also urged accountants to educate their SME clients on the financial toll a cyber attack would have on their business as a motivator to prioritise cyber security.

“A business, for example, with a denial of service attack could cost up to $180,000 to recover from that attack, and if it were affected by malware, it would cost up to $450 to recover from those attacks,” said Professor Warren.

“The average time to recover from a cyber attack was 23 days, so again for small businesses it can take a long time for them to recover.

“[Accountants can help] in terms of working with SMEs to develop strategies, to give advice, to help determine return on investments in cyber security, and in terms of giving advice on the systems perspective that SMEs should have in place.”

The ACSC report also detailed how an Australian small business with contracting links to national security projects was hacked in November 2016, leading to a significant amount of stolen data.

“A defence contractor who was an SME, his computer systems were hacked and files stolen which had data of national importance in terms of secret information so it highlights that attackers focus on the weakest link,” said Professor Warren.

“Smaller businesses have limited budgets and resources because they are a smaller organisation, they have a lack of technical knowledge and they have a lack of cyber security awareness in terms of the threats and they don't have any governance processes in place.”

As part of Stay Smart Online week, the ATO has issued guidance for taxpayers to stay vigilant this tax time.

“There are a few simple steps taxpayers can take to protect themselves online, including only giving out personal details to people you trust, keeping tabs on your tax affairs so you know what to expect, and to be cautious about personal information that you share, especially on social media,” said ATO assistant commissioner Kath Anderson.

Ms Anderson also highlighted scammers demanding gift cards as payment for alleged tax debts, and has been working with the ACCC and major retailers to warn at-risk customers.

“We are particularly concerned that vulnerable Australians who have little interaction with us are not only being led to believe that this is a legitimate request of payment from the ATO, but that they are also giving out personal information,” she said.

“The most common scams reported to the ATO are phone calls where a scammer demands payment for a fake tax debt or emails requesting personal identifying information or a fee to release a refund.

“These scammers use sophisticated techniques to get your money or data and can often use a variety of techniques such as ‘spoofing’ telephone numbers and replicating our branding in emails to try and legitimise the interaction.”

Professor Warren will be speaking on this topic, and more, at the Institute of Public Accountants’ National Congress in November.